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A METHOD FOR SECURE NETWORK PURCHASING 
TECHNOLOGICAL FIELD OF THE INVENTION 

$ The present Invention relates to methods for implementing secure purchases 
over a computer network. More particularly, the methods relate to a system 
which permits purchases of merchandise to he made over a computer 
network, whereby the purchaser may feel confident that personal credit card 
information is not at risk of being diverted, misappropriated or stolen and the 

10 merchant may be more confident that the purchaser is bona fide. 

It is well known for buyers of merchandise to access the global client/server 
network commonly referred to as the Internet, a part of which Is the World 
Wide Web, for the purpose of searching for and purchasing merchandise from 

15 on-line vendors selling wares ranging from travel services and investment 
services to buying CD recordings, books, software, computer hardware and 
the like. Most purchases are conducted in the following manner: a purchaser 
using a browser application on his local client computerconnecte via his 
computer's modem to a dial-up Internet Service Provider (hereinafter "ISP') 

20 and makes connections therethrough to various Web sites, Internet server 
locations assigned a URL (Uniform Resource Locator) address. The 
purchaser selects his merchandise and the vendorusually requests payment 
by one of several methods, one of which usually includes payment by 
providing credit card information. 
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According to surveys and other marketing data, there always has been and 
there still exists a high percentage of the population which is detered from 
purchasing merchandise directly over the Internet, This large population 
5 apparently fears that, despite all the efforts at security and cryptography 
promised by the vendors, there still exists the probability that their credit 
account information will be intercepted on-line by a third party computer 
hacker and used illegally, at great expense and trouble for the cardholder. 

10 An additional anxiety-inducing factor related to merchandising over the 
Internet, or e-commerce, is that the merchant cannot always be certain that 
just because he has obtained credit card infomation, that he will actually be 
paid for the merchandise he ships. After all, credit card fraud and/or theft 
occurs regularly and may not be caught in time to stop the order from being 

is shipped. When the cardholder discovers the theft and stops the card, it may 
be too late for the vendor to recover his properly. At the very (east; this 
situation leads to unnecessary aggravation and wasted resources for the 
merchant, credit card company and cardholder. 

20 SUMMARY AND OBJECTS OF THE INVENTION 

It Is thus an objective of the present Invention to provide a method for 
potential on-line buyers of merchandise marketed over the Internet to pay for 
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those purchases with minimized exposure to the risk of credit card theft by 
electronic interception. 

It is a further objective of the invention to provide a mechanism for facilitating 
5 e-commerce which will increase the confidence of the consuming public in the 
safety of such transactions. 

It is still a further objective of the Invention to provide a mechanism for 
facilitating e-commerce which will increase the confidence with which vendors 
10 may ship the purchased product or deliver the purchased service without fear 
of the payment being provided fraudulently. 

These objectives and others and others not specifically enumerated herein are 
achieved by the invention disclosed herein which comprises a method for 
15 providing payment to an on-line merchant for services or goods provided to an 
on-line buyer. The method takes advantage of the existing business 
relationships between the member computers which form the structure of the 
Internet. 

20 Generally speaking, the Internet is a network of computers, remote from one 
another, linked by a variety of communications lines including telephone lines, 
cable television lines, satellite link-ups and the like. Internet service providers 
(hereinafter "ISPs") provide the link to the main backbone of the Internet for 
small end users. The account for the end user is established in the normal 
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manner usually by providing credit card Information to the ISP by conventional 
means, such as by voice telephony, fax transmission or check. In most 
ISP-end user relationships, the ISP has been given credit card or other credit 
account information, which information Is on file with the ISP and available to 
s the ISP's computers. In return for receiving payment, the ISP provides a 
gateway to the Internet for the end-user's use. The end-user (or subscriber) is 
provided with identification codes for dialling directly into the ISP's computers 
and software means (for example, dialler software, browser software, 
electronic mail software, and the like) for doing so if necessary. 

10 

Each time a subscriber signs In to the ISP's computers for an on-line session, 
the subscriber is assigned an Internet Protocol (hereinafter "IP") address. The 
subscriber's computer transmits messages which are received by the ISP 
computer and relayed through the IP address and out onto the Internet to the 
15 ultimate intended recipient computer. During the entire time the on-line 
session in progress, the IP addresB does not change and Is thus available as 
identifying information. By monitoring and occasionally re-verifying that the 
subscriber's computer is still on-line at the assigned IP address, the ISP can 
confirm mat certain activities could be attributed to the subscriber. 

20 

The present invention takes advantage of the intimate relationship which is 
re-created every time an Internet subscriber's computer goes online and signs 
into his ISP's computer by assigning to the ISP computer the function of 
clearinghouse and active intermediary between the subscriber's computer and 
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the vendor's computer. A subscriber computer signs in to the ISP computer 
system and is recognized and assigned an IP address. When the subscriber 
identifies merchandise or services at a vendor's website which he wishes to 
purchase, he sends programming to the website which selects the items and 

s instructs the vendor's computer to generate a purchase authorization request 
which is sent to the ISP computer, The purchase authorization request 
contains information about the merchandise to be purchased, identifying 
information about the proposed purchaser, some of which is the identifying 
information assigned by the ISP to the subscriber. The ISP confirms Internally 

10 that the subscriber is still signed in to the iSP computer system by verifying 
the identity of the computer currently actively communicating through the IP 
address. When satisfied that the subscriber is still online, the ISP computer 
generates and sends a message to the subscriber's computer requesting 
confirmation of the order for the merchandise. Upon receipt from the 

15 subscriber's computer of the confirmation, the ISP generates and transmits to 
the vendor's computer a message confirming the order and providing a 
confirmation number, agreeing to pay the invoice which the vendor's 
computer subsequently generates and presents to the ISP computer. ISP 
computer then uses the subscriber's credit card information and presents an 

20 invoice against the credit card account to be sent through normal channels. 
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Brief Description Of The Drawings 

For better understanding of the invention, the following drawings are included 
for consideration in combination with the detailed specification which follows; 

5 

Fig. 1 shows a buyer computer in communication with a vendor computer via 
the ISP computer, wherein buyer computer is initiating a purchase 
transaction; 

to Fig, 2 shows the vendor computer communicating with the ISP computer to 
request authorization to complete buyer's requested transaction; 

Fig. 3 shows the ISP computer confirming that correct IP address is active 
with buyer's computer and requesting confirmation of buyer's transaction; 

15 

Fig, 4 shows buyers computer responding to ISP computer's request for 
confirmation; and 

Fig, 5 shows ISP computer's transmission of a confirmation code and 
20 invoicing instructions to vendor's computer. 

Fig. 6 is a flow diagram which shows the steps of another exemplary 
embodiment of the present invention. 
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Detailed Description Of The Exemplary Embodiments 



As was mentioned hereinabove, the account for the subscriber (also referred 
to as an end user or Buyer) is established in the normal manner usually by 

s providing credit card information to the ISP by conventional means, such as 
by voice telephony, fax transmission or check. In most ISP-end user 
relationships, the ISP has been given credit card information and this 
information is on file with the ISP and avllable to the ISP's computers, In 
return for receiving payment, the ISP provides a gateway to the Internet for the 

10 end-user's use, The end-user (or subscriber) is provided with software means 
and identification codes for dialling directly into the ISP's computers. The 
ISP's computers assign an Internet Protocol (hereinafter "IP") address to the 
subscriber for use duiring the particular on-line session in progress, The 
subscriber's computer transmits messages which are received by the ISP 

is computer and relayed through the IP address and out onto the Internet to the 
ultimate intended recipient computer, During the entire time the on-line 
session in progress, the IP address does not change and is thus available as 
Identifying information. By monitoring and occasionally re-verifying that the 
subscriber's computer Is still on-line at the assigned IP address, the ISP can 

20 confirm that certain activities could be attributed to the subscriber. 



The present Invention takes advantage of the intimate relationship which is 
re-created every time an Internet subscriber's computer goes online and signs 
into his ISP's computer by assigning to the ISP computer the function of 



24.N0V.19yy aruDVL-cm, — 

Utility Patent Application 
Docket No. SAFE 3-01 

clearinghouse and active intermediary between the subscriber's computer and 
the vendor's computer. 

The method is described with reference to the drawings described 
s hereinabove as follows: 

The ISP (also referred to hereinafter as a "Clearinghouse Computer") is 
assigned a unique ISP-ID code. 

10 As described hereinabove, the ISP's subscriber or customer (hereinafter 
"Buyer") has gained the ability to access the internet network from his remote 
computer by opening an account with ISP. 

The Buyer has provided credit card or other payment information to the ISP 
is when the account was opened, by conventional mail, fax, voice telephony or 
any other acceptable method including known methods. In exchange, Buyer 
receives from the ISP certain software and identification codes which permit 
Buyer's computer to communicate with the ISP's computers and to negotiate 
(request and obtain) an IP address. 

20 

At time of first sign-on, Buyer's Computer (hereinafter referred to as "BC") 
transmits to BC a Buyer-ID code which is electronically recorded or written 
into a file (e.g. a cookie file) on BC. The Buyer 10 code could be generated by 
any number of methods known in the art for generating identification codes. 
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When Buyer activates his BC to log onto ISP network (BC provides standard 
log-in information to ISP), ISP also reads and logs in Buyer-ID code and 
assigns IP address for current session to BC. 

5 

BC connects via ISP portal with Merchant Computer (MC) and Buyer selects 
desired merchandise and further selects to pay using SafeWWW payment 
method disclosed hereinbelow. 

10 BuyeND and BC's IP address assigned for current session are provided to MC 
programmed to request and receive said Information 

MC is programmed to use Buyer-ID and BC's current IP address along with 
information such as desired Hem ID, cost and name for generating an 
is electronic purchase inquiry which Is transmitted through the network to ISP. 

ISP Is programmed such that upon receipt of purchase inquiry from MC, ISP 
uses combination of IP address and Buyer-ID to determine within ISP's 
internal network whether Buyer is in fact still online at the address assigned at 
20 the beginning of the online session. 

if ISP computer Is unable to confirm that BC is still connected to ISP system at 
the IP address expected, or that the BC IP address given by MC is different 
from that assigned by ISP to BC, then a negative message is generated by 
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ISP's computer and transmitted to MC thereby resulting in the early 
termination of the purchase transaction process by MC. ISP's computer may 
alternatively be programmed to conduct other tests or inspect for other 
necessary conditions in an attempt to verify the source of the order placed 

s with MC. 

If BC Is determined to be connected to ISP at correct address, ISP sends 
message containing details of purchase inquiry to BC asking Buyer to input 
confirmation of details of purchase desired to be transacted with MC. 

10 

Upon input of confirmation command by Buyer into BC, BC generates and 
transmits a confirmation to ISP. 

On receipt of Buyer's confirmation, ISP then generates and transmits a 
15 Transaction Confirmation Number and instructs MC to proceed with filling 
Buyer's order and also to generate and forward an invoice to ISP, 

The invoice to the ISP can be generated electronically and transmitted directly 
to ISP's computer, instantaneously (during the same session) or MC might 
20 wait until receiving programming indicating that the order has actually been 
filled. 

Receipt of the invoice by ISP's computer then causes the ISP computer to 
generate and transmit, either electronically or through conventional means, an 

n 
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instruction to Buyer's credit card company to debit Buyer's account for the 
amount of the purchase. Alternatively, it is contemplated herein that ISP 
could bill Buyer directly or any other reimbursement arrangement, e.g. through 
an insurance fund. 

5 

In other exemplary embodiments of the present invention, either the ISP's 
server acts as the security coordinator or security copordination is 
accomplished by a black box (hereinafter "ISP Toolbox") located at the site of 
the ISP server. The following description will describe the embodiment where 
10 the security coordinator functions are carried out by an ISP Toolbox, 

PhysicaJ Placement of ISP Toolbox- 

located at the physical site of the ISP, the ISP Toolbox is connected to the 
is phone or communication lines coming into the ISP server directly from users 
on one side of ISP server. The ISP Toolbox Is also connected to lines going 
out to the Internet (via the modem basket) from the ISP server. The ISP 
Toolbox does not interact directly with the ISP server. For the most part, it 
monitors Incoming and outgoing traffic, waiting to take over those 
20 communications should a security related transaction be called for by a home 
user. 

The ISP Toolbox is essentially a mini-server, dedicated to the security tasks 
assigned to it. The ISP Toolbox is provided with programming which, when 
activated, will send, receive and/or verify the proper forms and/or data to 
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either a participating home user, ISP server or vendor in order to carry out the 
proposed transaction. 

The following scenario describee what can happen when a request for such a 
security related transaction is detected by the ISP Toolbox. 

5 1, Application Process- This process only needs to occur once for each 
acccount which a user might have: 

a)!n order to begin participation In the secure transaction system installed 
by his or her ISP, a User at home connects his home PC with the server 
of the ISP with whom the home user has established an ISP-user 
id relationship. Upon establishing direct dial-up communications with the 
ISP server, the home user activates a file on ISP Website, for example by 
clicking a button presented on his browser using his input device, which 
alerts the ISP Toolbox to user's request for an application to enroll user's 
PC in system of the invention. 

is b)The ISP Toolbox supplies an apply.asp (".asp" denotes an active server 
page) file to the browser application, such as Netscape Company's 
Navigator® or Communicator® browser applications or Microsoft Corp.'s 
Internet Explorer® browser applications. The user fills in the requested 
information into the form and clicks on a submit button on his display. 

20 The apply.asp submits a new application record bearing the user's ISP 
user name back to the ISP Toolbox which in turn notifies the ISP, for 
example by way of an e-mail bearing a URL link to the application form, 

13 
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that a request for credit has been made. A credit decision on the 
application Is then made either electronically at the level of the ISP based 
on predefined or by a human credit manager. The ISP verifies the 
username and e-mail address of the user and sets a credit limit The 

s account is marked as "activated" by the setting of an approved credit 
limit which initiates promotion by the ISP toolbox of the user record from 
application status to active account status. 
2) Activation of the account initiates a process by which the ISP toolbox 
generates a UID or unique identification for the user. The ISP toolbox 

10 then generates and transmits an e-mail to the user which contains a link 
to a registration URL When the user opens the e-mail and clicks on the 
registration URL, ft downloads and activates an installation page and a 
system file from the ISP Toolbox, containing a Locator which comprises 
an <OBJECT> tag, the tag pointing to a GUID (Unique ID generator) and a 

is codebase. The Locator is installed in the user's browser cache and an 
instance thereof is blown inside the HTML page object module, 

3) The ISP Toolbox asks user to inspect his/her personal data, to choose a 
personal password and click an icon or button to finish activation of the 
new account. Clicking the button causes the onsubmit handler which 
20 came as part of the e-mail with the Locator, to start running a script which 
takes the user information, UID and further information about the user's 
computer and sends these back to the ISP Toolbox as well as saving 
them in cache files on the user's PC. The user's PC Is then put into a wait 
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state whereby it monitors a communication port waiting for a reply and it 
temporarily blocks the subscriber's browser. 

Once the submission code from step 3 above is received by the iSP 
Toolbox, there is activated a COM* object that sends a series of 
SET-PARAM commands back to the waiting locator using UDP or User 
Datagram Protocol. Thus, the ISP Toolbox first receives the submission 
code and extracts the form data, using it to update the user record 
previously created, adding to It certain hardware configuration 
information from subscriber's PC as well as adding the user's password 
and UID which have been encrypted via RSA or any other suitable 
encryption means, Then, using UDP, the ISP Toolbox provides the 
subscriber's PC with a Wallet of data in addition to, or which may include, 
the following items: a Password to be tendered by subscriber's PC to 
initiate the next online purchasing session, as well as the subscriber's 
UID, the ISP's identification, instructions on which IP address to check for 
the latest version of transaction software, as well as which IP adddress to 
use as a secure gateway, and software for future session password 
generation. 

After transferring the wallet to the client or subscriber PC, the ISP 
Toolbox redirects the users browser to a congratulations page which 
includes an <Object> tag pointing to the Locator. The onwindowload 
handler directs the Locator to add a wallet object to the page. 



Utility Patent Application 
Docket No. SAFE 3-01 

6) The Locator adds the wallet and the wallet Is asked by the script to 

record the user Identity which was set In the previous exchange between 
the ISP Toolbox and the subscriber's PC. This ends the application and 
registration or setup process. 

Example of Purchasing Session. 

a) Online user goes to Website of merchant using any Web Browser 
Program and selects merchandise to purchase. 

b) User Is offered methods of payment and selects option for 
SAFEWWW, This activates a script which searches users 
machine for installed SafeWWW software. 

c) Asks if you want form filled with information from Wallet Yes - 
Information (UID, Name, billing and shipping address, ISP-ID) 
extracted from Wallet and filled into form and form sent to 
merchant/vendor. At same time, user's onhandler script directs 
Wallet to execute Pay command. This returns random number 
to script and starts thread that waifs for event from network 

d) Vendor now receives info and adds info about cost of purchase, 
optionally adds merchandise info and sends it to the specific ISP 
Toolbox specified by ISP-ID from Wallet, 

e) Toolbox activates server Wallet that contacts User home Wallet 
Toolbox validates user hardware ID, UID, and when validated (or 
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not) it Instructs Wallet to open new browser window having URL 
to page showing result of handshake, 

f) If handshake was positive, then user's wallet displays 
confirmation page with transaction Info received from vendor 
and passed to Toolbox and user is required confirm order by 
typing in current password (selected at installation or changed 
during maintenance) or to deny the order. 

g) Confirmation is received by Toolbox and then Toolbox sends 
gatepass response to vendor which advises user that 
transaction has been approved. 

h) Gatepass is then forwarded to a central clearinghouse server 
which receives Gatepass and initiates payment to vendor. 
Gatepass can be provided with expiration time. Clearinghouse 
server can either be a fourth party server or it could be ISP 
server which serves as transaction clearinghouse as described 
hereinabove in first exemplary embodiment. 

The examples discussed herein and demonstrated by the 
Figures are merely for illustrative purposes only. Variations 
and modifications of the disclosed invention in a manner well 
within the skill of the man of average skill in the art are 
contemplated and are intended to be encompassed within 
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the scope and spirit of the invention as defined by the claims 
which follow. 
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I Claim: 



A method of performing secure electronic transactions on a 
computer network, said network comprising a buying 
computer, an ISP computer and a vendor computer, 
including the steps of: 

said ISP computer assigning to buying computer a Buyer-ID 
code and IP address; 

said buying computer communicating via said ISP computer 
with said vendor computer and allowing an operator to 
select merchandise or services for purchase; 

said Buyer-ID and buyer computer's IP address are provided 
to vendor computer programmed to request and receive said 
information; 

vendor computer is programmed to use BuyeND and BC's 
current IP address along with information such as desired 
Item ID, cost and name for generating an electronic purchase 
inquiry which is transmitted to ISP computer; 

ISP is programmed such that upon receipt of purchase 
inquiry from MC, ISP uses combination of IP address and 
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Buyer-ID to determine within ISP's internal network whether 
Buyer is in fact still online at the address assigned at the 
beginning of the online session; 

whereby if buyer computer is determined to be connected to 
iSP computer at correct address, ISP computer then 
generates and transmits Transaction Confirmation Number 
and instructs MC to generate and forward invoice to ISP 
computer. 
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